Monday, September 3, 2007

E-mail accounts of embassies and Government offices across the world, including India hacked due to lack of Cyber Security

A hacker, Dan Egerstad from Sweden, who published passwords of 100 e-mail accounts of embassies and Government offices across the world, including India, on his website http://derangedsecurity.com. The hacker said he took only a few minutes to figure out the account details.

This shows that there is lack of basic cyber security. Due to the lack of security anyone with moderate skills in security could have figured this out and done it. A cyber security expert said that a POP (Post Office Protocol) server that had not been updated for security could have been exploited by the hacker to get usernames and passwords.

The Indian Express said in their website that they were sent a test mail to the Indian Ambassador in China on her official email ID and, using the password posted online, to check the authenticity and was able to access it. These email IDs contained important official details including phone numbers, commercial documents, official correspondence and personal mails.

Within hours of the story appearing in the Indian Express, the DRDO mail server was shut down and all embassy e-mail accounts were taken offline by the Ministry of External Affairs (MEA). However, it will take cyber forensic experts several days to get an idea of how much confidential material was illegally accessed.

DRDO confirmed that the hacked account belonged to a Defense Scientific Information and Documentation Centre (DESIDOC) official, but it was rarely used. The Ministry of Defense (MoD), however, said it was conducting a detailed investigation into the incident.